Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS20060168168 A1
Publication typeApplication
Application numberUS 10/547,741
PCT numberPCT/GB2004/001202
Publication dateJul 27, 2006
Filing dateMar 19, 2004
Priority dateMar 20, 2003
Also published asCN1778068A, CN1778068B, EP1604489A1, US8423633, WO2004084490A1
Publication number10547741, 547741, PCT/2004/1202, PCT/GB/2004/001202, PCT/GB/2004/01202, PCT/GB/4/001202, PCT/GB/4/01202, PCT/GB2004/001202, PCT/GB2004/01202, PCT/GB2004001202, PCT/GB200401202, PCT/GB4/001202, PCT/GB4/01202, PCT/GB4001202, PCT/GB401202, US 2006/0168168 A1, US 2006/168168 A1, US 20060168168 A1, US 20060168168A1, US 2006168168 A1, US 2006168168A1, US-A1-20060168168, US-A1-2006168168, US2006/0168168A1, US2006/168168A1, US20060168168 A1, US20060168168A1, US2006168168 A1, US2006168168A1
InventorsQuanshi Xia, Helmut Simonis
Original AssigneeCisco Technology, Inc.
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Assisted determination of data flows in communication/data networks
US 20060168168 A1
Abstract
There is provided a method of determining data flow in a network, the method comprising: (a) selecting a location within the network for providing a data processing means adapted to process data pertaining to the network data flow; (b) determining the expense and/or level of data capture that would result from providing the data processing means at the selected location; and (c) providing the data processing means at the selected location dependent on the determination in step (b) and predetermined expense and/or data capture targets. This method can be used to select points inside the core of a network for data capture of flows routed through them in order to construct the traffic matrix of the network. This method has a number of advantages over known methods of obtaining the traffic matrix of a data network. In particular, it can be used for different use cases, maximizing the capture level for a given investment or finding the minimal investment to achieve a given capture level.
Images(10)
Previous page
Next page
Claims(39)
1. A method of determining data traffic flow in a network, the method comprising:
(a) selecting a location within the network for providing a data processing means adapted to process data pertaining to the network data traffic flow;
(b) determining the expense and/or level of data capture that would result from providing the data processing means at the selected location; and
(c) providing the data processing means at the selected location dependent on the determination in step (b) and predetermined expense and/or data capture targets.
2. The method of claim 1, further comprising:
repeating steps (a) and (b) for a plurality of locations; and
providing a said data processing means at each of a number of the selected locations dependent on the determination in steps (b) and predetermined expense and/or data capture targets.
3. The method of claim 2, further comprising:
determining a minimum overall data capture target; and
providing a said data processing means at each of a number of the selected locations to minimize the overall expense while meeting the minimum overall data capture target.
4. The method of claim 2, further comprising:
determining a maximum overall expense target; and
providing a said data processing means at each of a number of the selected locations to maximize the overall data capture while not exceeding the maximum overall expense target.
5. The method of claim 1, further comprising:
changing the configuration of the network;
determining the expense and/or increase or decrease in data capture that would result from re-locating a data processing means;
re-locating the data processing means dependent on the determination in the previous step and predetermined expense and/or data capture targets.
6. The method of claim 1, further comprising:
determining the traffic matrix of the network using data processed by the data processing means.
7. The method of claim 6, further comprising:
determining a plurality of traffic matrices over a predetermined period of time.
8. The method of claim 7, further comprising:
averaging the plurality of traffic matrices over said predetermined period of time.
9. The method of claim 7, further comprising:
determining the maximum data flow between two points in any of said plurality of traffic matrices to obtain a data flow worst case scenario.
10. The method of claim 6, further comprising:
repeating the traffic matrix determination to obtain data indicative of traffic evolution over time.
11. The method of claim 6, wherein the data capture target is determined by a percentage of the traffic matrix.
12. The method of claim 11, wherein the percentage of the traffic matrix is determined by a percentage of the total data flow volume in the network.
13. The method of claim 11, wherein the percentage of the traffic matrix is determined by a fraction of the number of data flows in the network.
14. The method of claim 1, further comprising:
simulating the routing algorithm used by the network to calculate the data capture of the data processing means.
15. The method of claim 1, wherein the expense is determined by the administration overhead in connection with processing data processed by a data processing means at a selected location.
16. The method of claim 1, wherein the expense is determined by the cost incurring by providing a data processing means at a selected location.
17. The method of claim 1, wherein the expense is determined by the decrease of performance by the network resulting from the provision of a data processing means at a selected location.
18. The method of claim 1, wherein said predetermined expense and/or data capture targets are met by varying the number of data processing means provided.
19. The method of claim 1, wherein the number of data processing means to be provided is predetermined.
20. The method of claim 1, wherein the data processing means comprise data collection means for collecting data pertaining to the network data flow.
21. The method of claim 1, wherein the data processing means comprise data extraction means for extracting data indicative of the network data flow from data processed by the data processing system.
22. The method of claim 20, wherein each data collection means is allocated to a data extraction means.
23. The method of claim 22, wherein the expense is determined by the cost of traffic between a data collection means and an allocated data extraction means.
24. The method of claim 1 implemented by mixed integer programming.
25. A computer program adapted to perform the method of claim 1 on a data processing system.
26. A method of observing data traffic in a network, the method comprising;
(a) determining a desired data collection result in relation to an acceptable data collection expense; and
(b) selecting a number of locations within the network for placing data collection means to obtain said desired data collection result at said acceptable data collection expense.
27. A data network comprising one or more inputs, outputs and routers, and a plurality of data processing means for processing data pertaining to the data flow in the network, wherein each of the data processing means is associated with a data capture value and/or an expense value, dependent on its location within the network, and wherein the number and/or locations of the data processing means are selected in accordance with predetermined expense and/or data capture targets.
28. The data network of claim 27, wherein the data processing means comprises data collection means for collecting data pertaining to the data flow in the network.
29. The data network of claim 28, wherein each of the data collection means is associated with one or more routers.
30. The data network of claim 29, wherein each data collection means is associated with one or more interface of an associated router.
31. The data network of claim 27, wherein the data processing means comprises data extraction means for extracting data indicative of the data flow in the network from the data processed by the data processing means.
32. The data network of claim 31, wherein each data collection means is allocated to a data extraction means.
33. The data network of claim 27, wherein some or all of the data processing means are connected to one another through a local area network.
34. The data network of any of claim 27, further comprising a central processing means for receiving data from the data processing means and determining the data flow in the network.
35. The data network of claim 34, wherein the central processing means is connected to some or all of the data processing means via the data network.
36. The data network of claim 27, wherein some or all of the data processing means are implemented in one or more of the routers.
37. The data network of claim 27, wherein the data processing means are software-implemented.
38. The data network of claim 27, wherein the data processing means are located and adapted to collect data pertinent to the data flow between routers.
39. The data network of claim 27, wherein the data processing means are located and adapted to collect data pertinent to the data flow between inputs and/or outputs.
Description
  • [0001]
    The present invention relates to a data network and a method of determining data flow in a data network.
  • BACKGROUND OF THE INVENTION
  • [0002]
    Obtaining the traffic matrix of a data network is often considered as the first step in a variety of operational management or planning tasks. The traffic matrix describes who is using the network by sending how much traffic between different points in the network. If the traffic matrix is understood accurately, it is possible, for example, to predict the impact of topology changes or study the behaviour of the network under the failure of components. The traffic matrix is also required when introducing traffic engineering (TE), explicitly controlling how traffic is moved through the network.
  • [0003]
    Considering its importance it may come as a surprise that there appear to be few known ways of extracting a traffic matrix from the actual network:
  • [0000]
    External Interface Capture
  • [0004]
    One method to obtain the complete traffic matrix is to collect data at all ingress/egress points. This provides all relevant information, without affecting core network performance. Clearly, the resource consumption of the edge devices will increase, and it may be prohibitively expensive to install data collectors for all edge interfaces. Transfer of the collected information to a central analysis point also is an issue. This method needs strong data aggregation in each access location in order not to swamp the network with Netflow-generated traffic. The number of concentrator devices required may be very large.
  • [0000]
    Zero Bandwidth Tunnels
  • [0005]
    In an MPLS (multi protocol label switching) enabled network, zero-bandwidth TE (traffic engineering) tunnels can be generated to measure traffic between different routers. By generating a full mesh of tunnels between all pairs of routers, a traffic matrix can be obtained simply by reading the MIB (management information base) traffic counters for the tunnels. A significant difficulty arises when implementing a full mesh of TE tunnels in networks where an SPF (shortest path first) routing scheme is already used. Capacity problems may occur when multiple equal-cost optimal routes exist in the SPF network, and the introduction of the TE tunnels would lead to a different traffic distribution.
  • [0000]
    Traffic Flow Analysis (TFA)
  • [0006]
    It is possible to infer traffic flows from interface counters by setting up a model linking the traffic volume through an interface to all flows that are routed through the interface. Unfortunately, this model is under-constrained, so that normally billions of wildly differing possible solutions exist. It is easy to find a solution that is consistent with the observed data, but there is no guarantee that the actual traffic matrix is the same or even related to the one obtained by the model.
  • [0007]
    This model describing the traffic matrix may be a good starting point for further extensions (called traffic inference (TI)), but on its own is not strong enough to provide reliable results.
  • [0000]
    LSP Counters
  • [0008]
    For MPLS-enabled networks, it is possible to collect LSP (label switched path) counter MIBs which provide information about certain aggregated flows in the network. The traffic matrix can be (partially) reconstructed from this information. Data collection across the network may create problems when the number of LSPs is large.
  • [0000]
    Deduction from SLA
  • [0009]
    If the SLAs (service level agreements) of the customers are detailed enough, it is possible to deduce an upper bound of the traffic matrix. This not only requires information about the ingress/egress bandwidth for each interface, but also requires information (or assumptions) about the destination of traffic injected from each customer interface. Often, this type of information is not directly available in the SLA. Another problem is that the SLA typically describes peak rates; applying them simultaneously across the network for all customers would lead to a massive overloading of the existing capacity.
  • [0000]
    Estimation
  • [0010]
    The traditional method of obtaining a traffic matrix is based on estimation by an experienced network manager. Depending on the knowledge available, this may provide a good picture of the actual traffic. However, without a way of checking against actual measured values, this approach seems limited to rough capacity planning, and many operational issues cannot be addressed.
  • [0011]
    It is thus desirable to provide an improved way of observing data traffic flow in a network with a view to determining the traffic matrix. The present invention aims to address this problem.
  • SUMMARY OF THE INVENTION
  • [0012]
    According to one aspect of the invention, there is provided a method of determining traffic flow in a network, the method comprising:
  • [0013]
    (a) selecting a location within the network for providing a data processing means adapted to process data pertaining to the network data flow;
  • [0014]
    (b) determining the expense and/or level of data capture that would result from providing the data processing means at the selected location; and
  • [0015]
    (c) providing the data processing means at the selected location dependent on the determination in step (b) and predetermined expense and/or data capture targets.
  • [0016]
    According to another aspect of the invention, there is provided a method of observing data traffic in a network, the method comprising:
  • [0017]
    (a) determining a desired data collection result in relation to an acceptable data collection expense; and
  • [0018]
    (b) selecting a number of locations within the network for placing data processing means to obtain said desired data collection result at said acceptable data collection expense.
  • [0019]
    According to another aspect of the invention, there is provided a data network comprising one or more inputs, outputs and routers, and a plurality of data processing means for processing data pertaining to the traffic flow in the network, wherein each of the data processing means is associated with a data capture value and/or an expense value, dependent on its location within the network, and wherein the number and/or locations of the data processing means are selected in accordance with predetermined expense and/or data capture targets.
  • [0020]
    Accordingly, the invention can be used to select points inside the core of a network for data capture of flows routed through them in order to construct the traffic matrix of the network.
  • [0021]
    This approach has a number of advantages over known methods of obtaining the traffic matrix of a data network. In particular, it can be used for different use cases, maximizing the capture level for a given investment or finding the minimal investment to achieve a given capture level:
  • [0000]
    First Use Case: which Capture Level for a Given Investment?
  • [0022]
    Usually, the number of data collectors that can be deployed is limited by the administration overhead imposed on the network managers, the effect on router performance by enabling collection for some interfaces, or the investment required for data collectors and deployment. The first use case therefore addresses the best use of a given investment limit. The objective is to maximize the information obtained from the ensemble of the collectors. This solution may be quite different from finding the best location for individual collectors.
  • [0023]
    An extended version of this use case comprises building a graph to indicate the coverage of the traffic matrix for different investment levels. Such a graph can be used in a cost/benefit analysis to choose the most appropriate number of data collectors for a given network.
  • [0000]
    Second Use Case: how Much to Invest for a Given Capture Level
  • [0024]
    The second use case addresses the question of how many data collection points are required to determine a given percentage of the traffic matrix, either in percentage of the total flow volume or as a fraction of the number of flows in the network. The result also presents a placement of the collectors and concentrators in the network. This use, case allows estimation of the investment required to achieve a certain level of accuracy for the flow capture.
  • [0000]
    Third Use Case: how to Re-arrange Captures when Collectors are Already Deployed
  • [0025]
    The third use case addresses the situation where data collectors are already deployed in the field. After a change of the topology, the routing or the traffic patterns, it is desirable to reconsider the placement of the data collectors. Moving a data collector incurs a certain redeployment cost, but, on the other hand, may help to increase the amount of information extracted. The present approach searches for a good compromise between further expense and the accuracy of the traffic matrix obtained. An extension of this use case also comprises buying new collectors, as well as moving existing ones. Again the objective is to find the best compromise between investment and accuracy of the results.
  • DETAILED DESCRIPTION OF AN EMBODIMENT
  • [0000]
    1 Non-Mathematical Description
  • [0026]
    In the following, an embodiment of the invention is explained in non-mathematical terms.
  • [0000]
    1.1 Network
  • [0027]
    The aim is to understand the traffic matrix in a computer network, i.e. to understand who is talking to whom and how traffic flows between different end points contribute to the overall utilization of the network.
  • [0000]
    1.1.1 Router
  • [0028]
    The main devices considered in the network are routers which forward traffic from external connections through the core of the network to other external connections. In particular, IP (Internet protocol) computer networks are considered, where traffic consists of packets that are transported individually through the network.
  • [0029]
    A router that is connected to external links is called a PE (provider edge) router, a router that is only connected to other routers of the same network is called P (provider core) router.
  • [0000]
    1.1.2 Interface
  • [0030]
    The connection of a router to a network link is called an interface. An interface typically sends and receives traffic over the same link, so that the two interfaces at both ends of a link see the same traffic.
  • [0000]
    1.1.3 Collectors
  • [0031]
    A data collector can be a hardware or software component, either forming part of a router or being a separate device. Collectors are identified by the interface for which they provide traffic information, but actual collectors may well collect multiple interfaces at the same time. Data collectors provide information about the traffic flows through the network, i.e. they provide partial information about the traffic matrix.
  • [0032]
    Two examples of data collectors are Netflow® and IP network probes. The first is a software feature of a router, which provides (if enabled) information about all packets that are forwarded over the interface. Depending on the version of the software and the associated protocol, key values (source, destination, ports, protocol) can be collected in the router's memory and are then forwarded to a data concentrator. Enabling Netflow on an interface may incur some performance penalty on the router performance, as it has to provide CPU power and memory for the data collection. Not all routers support Netflow, and other routers may support Netflow only on certain interface types,
  • [0033]
    Another type of data collector is an IP network probe, which is a device independent from a router. It attaches to a network link and collects information about the packets traversing the link. Such probes come in different variants and sizes, some are specialized for certain link technologies and have limits on which link speeds they can monitor. Network probes typically do not affect the performance of the network, but may require significant extra investment.
  • [0000]
    1.1.4 Flows and Routing
  • [0034]
    The granularity of the flows collected for the traffic matrix can be varied. In a simple approach, the flows between routers (or even just between groups of routers) are observed. This assumes that all traffic between two routers in the network is moving over the same route, which is controlled by the routing algorithm of the network. This granularity of flow model can be used for capacity planning or resilience analysis.
  • [0035]
    A more detailed traffic matrix would reflect all flows between the different customers of the network; these are referred to as CE-CE (customer edge to customer edge) flows. This information is useful when considering billing or a marketing analysis of the network use. Normally, there are many more CE-CE flows than flows between routers, so that the storage requirements are significantly higher. The flow Capture model of this embodiment handles both cases if the data collectors can provide information in the required granularity.
  • [0036]
    The model assumes that the routing in the network is sufficiently understood to tell which flows are captured if data collection is enabled for an interface. If there is more than one shortest path between two nodes in the network, this is dealt with as two independent flows that need to be captured individually. In this embodiment, a specific routing module is used that from the configuration files of the network calculates which flows are captured by which interfaces, by simulating the routing algorithm that is used. However, this routing information may also come from other sources, for example direct observation of the network.
  • [0000]
    1.2 Concentrators
  • [0037]
    In some situations the data collectors may be able to abstract the raw network data in such a way that the information can be directly read from a central system which interprets the results. However, the data collectors often provide a large amount of unprocessed data that needs to be concentrated before it is passed on to a central system.
  • [0038]
    This role is taken by concentrators, often workstations or PCs, which get the raw data from the data collectors and aggregate the relevant pieces of information. By co-locating these concentrators with the router, a local area network can be used for the high volume data traffic while using the network itself for transporting the much smaller concentrated traffic to a central analysis tool. By scaling the concentrator properly, it can handle the data volumes even of large capacity collectors, or may be able to control data collection from multiple interfaces at the same time. There obviously is a trade-off between the number of concentrators and their specification and resulting cost.
  • [0000]
    1.3 Locations
  • [0039]
    In the model of this embodiment, concentrators can be placed in different locations. Often, routers from a single point of presence (PoP) are co-located in the same building. In this case, this is the place where the concentrators for these routers are located.
  • [0040]
    If sufficient network capacity is available, a concentrator can be placed away from a router and a network used to handle the large-volume data transport. As link traffic data can be collected from both ends of a connection, there is an additional degree of freedom on where to place the concentrators.
  • [0000]
    1.4 Concentrator Traffic
  • [0041]
    Depending on the locations of the data collectors and the concentrators, significant network traffic can be created by the transportation of the raw, uncompressed measurements. This can be a significant cost factor. In comparison, the traffic between the concentrators and the central analysis platform can be neglected.
  • [0000]
    1.5 Router Capacity
  • [0042]
    If a Netflow type data collector is considered which uses router infrastructure for part of the data collection, then some penalty on the router performance results as soon as data collection is enabled. In order to minimize its impact, constraints on the router can be imposed to limit the consumption of resources. For example, the total number of collected interfaces, or the total flow rate that is travelling through collected interfaces can be limited. These limits will vary on different router types and on performance aims imposed on the network.
  • [0043]
    To express these restrictions, the concept of capacity types is introduced. For each capacity type, the capacity needed for a collected interface can be defined, and a limit imposed on the total consumption for all collected interfaces of a router.
  • [0000]
    1.6 Concentrator Capacity
  • [0044]
    In a similar way to the router capacity the concentrator capacity can be introduced. For different concentrator types limits are imposed on the total capacity of all data collectors which are assigned to a concentrator. This type of constraint can also be used to express compatibility of certain concentrator types with different data collectors.
  • [0000]
    1.7 Impact on Network
  • [0045]
    The capacity limits above are local limits which affect all collected interfaces of a router or those assigned to a concentrator. In addition, network-wide limits can be expressed, stating for example that only data at two high-speed interfaces in the whole network is to be collected. Such limits are advantageous in particular if all interfaces of the same technology type are considered.
  • [0000]
    1.8 Cost Model
  • [0046]
    A cost model is proposed that has three components. The first is the cost of the collected interfaces. For each interface, a cost is defined if it is collected. The collector cost is the sum of all these values. This may be either capital expenditure (in the case of network probes) or administration cost (since network managers may have to configure and maintain the data collection).
  • [0047]
    The second cost component is the cost of concentrators. Depending on their type and their number, but also on their location, there may be a wide choice of different solutions for concentrator selection at a location.
  • [0048]
    The third component is the cost of the traffic between the data collectors and their assigned concentrators. By co-locating concentrators and collectors, this cost may be reduced to zero. On the other hand, some under-utilized network and concentrator capacity can be used in assigning some data collectors to concentrators which are located at a different place.
  • [0000]
    1.9 Use Cases
  • [0049]
    In this embodiment the three use cases mentioned above are handled by stating different additional constraints and objective functions.
  • [0000]
    1.9.1 Use Case 1
  • [0050]
    In the first use case maximum capture for a given investment is to be achieved. An upper limit is imposed on the investment cost; subsequently the problem solver maximizes the cover achieved.
  • [0051]
    For each flow in the network, an interest value for each flow is defined if additional information about them is available (see section 4.2 below for an example). It is also preferable to collect interfaces with large traffic values in preference over interfaces with little traffic, since this assists in identifying flows with a large volume.
  • [0052]
    By stating constraints on capacity and investment cost, it can be ensured that a compromise between the cost of the data collection and the flow capture is found.
  • [0000]
    1.9.2 Use Case 2
  • [0053]
    In the second use case a lower limit is imposed on the capture rate. The investment required to achieve it is subsequently minimized.
  • [0000]
    1.9.3 Use Case 3
  • [0054]
    For the third use case, it can be assumed that existing equipment only is used. The capture rate is then maximized while not exceeding the number of existing concentrators and collectors. If the data collection is implemented by software, the number of collected interfaces does not need to be restricted. For every device, a cost of removing it from its previous location and another cost of placing it at another location is considered.
  • [0000]
    2 Model
  • [0055]
    In this section a model of the flow capture problem is presented in the form of a MIP (mixed integer programming) model. This model is exemplary, i.e. it is used to define and clarify the above described constraints and choices and should not be seen as the only possible implementation model.
  • [0056]
    In any given implementation, only parts of the general model are used, thus allowing significant simplifications of some of the constraints to be made.
  • [0000]
    2.1 Constants
  • [0057]
    First, the constants used in the present embodiment are defined:
  • [0000]
    Definition 2.1: N is the set of all considered routers in the network. Indices s refer to routers.
  • [0000]
    Definition 2.2: I is the set of all considered interfaces in the network. Typically, all core interfaces for which data capture can be enabled are considered. The indices i and j refer to interfaces.
  • [0058]
    Definition 2.3: F is the set of all considered flows in the network. Typically, all PE to PE flows in the network are considered. The model also works for CE to CE flows and for partial flow capture, where the set of interesting flows is a priori restricted to a subset of all possible flows. Indices f refer to flows.
  • [0059]
    This model can also consider multiple, equal cost paths between two points in the network. Each of these paths is considered as defining a separate flow that needs to be captured.
  • [0000]
    Definition 2.4: L is the set of all possible concentrator locations. Indices l refer to locations.
  • [0060]
    Definition 2.5: Q is the multi-set of all possible concentrator types. This can be used for example to represent different types of concentrators with varying cost and capability. By using a multi-set, the use of more than one concentrator of the same type in some location is enabled. This gives maximal flexibility in choosing the right concentrator(s) at each location to handle the data volume of the selected interfaces. The value Q indicates the maximum number of concentrators that can be used at any given location. Indices q refer to concentrator types.
  • [0061]
    Definition 2.6: T is the set of all interface technologies that are used in the network. Typical examples are fast ethernet, serial, OC-12. Limits on how many interfaces of some type are captured in the network may be imposed. Indices t refer to interface technologies. It should be noted that the types are not required to be exclusive; an interface can belong to more than one type.
  • [0062]
    Definition 2.7: A is the set of capacity types restricting the concentrator capabilities. These can be values like the collection rate the concentrator can handle, or discrete choices which indicate whether some concentrator type is compatible with some interface type. Indices refer to capacity types.
  • [0000]
    Definition 2.8: The 0/1 constants kf i indicate whether flow f is routed through interface i and therefore can be captured if data collection for interface i is enabled.
  • [0000]
    Definition 2.9: The 0/1 constants ri s indicate whether interface i belongs to router S. Typically, each interface belongs to only one router, but the model does not need to enforce this.
  • [0000]
    Definition 2.10: The 0/1 constants ul i indicate whether interface i uses interface technology t.
  • [0063]
    Definition 2.11: The 0/1 constants vij indicate whether interfaces i and j are linked for data capture purposes. If they are linked, then either both of them are collected or none of them are. Such linked interfaces may exist either because of hardware limitations, which only permit the collection of certain interfaces together or not at all, or it may be a user choice stating for example that if one interface of a router is collected, then all interfaces of this router should be collected.
  • [0064]
    Definition 2.12: The 0/1 constants lq i indicate whether interface i can be collected from location l with a collector of type q. These constants state which choices for the assignment exist; they do not define the assignment itself That is the task of the variables wlq i.
  • [0065]
    Definition 2.13: The non-negative constants ci indicate the cost of enabling interface i for data capture. The cost may be the administration effort or the investment required to set-up data capture or may be a penalty for an eventual performance loss of the interface in case data capture is enabled.
  • [0066]
    Definition 2.14: The non-negative constants dl q indicate the cost of a concentrator of the type q at location l. The cost of the same device at different locations may be different due to local procurement or transportation cost from a central location.
  • [0067]
    Definition 2.15: The non-negative constants mlq i indicate the cost of collecting data of interface i from location l with a collector of type q. This cost may be the cost of connecting the concentrator to the specified interface or it may be the cost of transporting the captured data between the interface and the concentrator. In many situations, this cost component can be neglected, if for example router and concentrator are communicating via a local ethernet connection.
  • [0068]
    Definition 2.16: The non-negative constants of pf indicate the interest in collecting flow f by data capture. This forms an important part of the objective function, concentrating the effort on those flows that provide relevant information. A value of 1 for each flow would provide a uniform interest. If the valise is (considered to be) proportional to the traffic volume of the flow, the objective functions can be used to identify more large flows. See also 4.2 below.
  • [0000]
    Definition 2.17: The non-negative constants bi a indicate the collector capacity of type a required for interface i. These values are used to limit either the impact of the data collection on the router or on the concentrators.
  • [0000]
    Definition 2.18: The non-negative constants gl aq indicate the capacity of a concentrator at location l of type q for a capacity limit of type a.
  • [0000]
    Definition 2.19: The non-negative constants hs a indicate the capacity of a router s for a capacity limit of type a.
  • [0000]
    Definition 2.20: The non-negative constants ei t indicate the effort of type t that is required when collecting data from interface i.
  • [0000]
    Definition 2.21: The non-negative constants c_limitt indicate network wide limitations on all enabled interfaces of technology type t. These values can be used for example to limit the number of high-speed interfaces that are collected.
  • [0069]
    Definition 2.22: The non-negative constants traffici indicate an amount of traffic on interface i. This can be an actually measured traffic counter, or an aggregated traffic value indicative of the relative importance of the interface. These constants are used as part of our objective functions.
  • [0070]
    Definition 2.23: The non-negative constants an are arbitrary, magic numbers that control the relative importance of the different cost factors in the objective functions. By setting some of these values to zero, it is possible to simplify the model excluding some factors in the optimization.
  • [0000]
    2.6 Variables
  • [0071]
    In this section, the variables that are used in the model are described.
  • [0000]
    Definition 2.24: The 0/1 integer variables xi state whether interface i is collected. There are |I| variables of this type in the model.
  • [0000]
    Definition 2.25: The 0/1 integer variables yl q state whether location l has a concentrator of type q. There are |L|*|Q| variables of this type in the model.
  • [0000]
    Definition 2.26: The 0/1 integer variables zf state whether flow f is collected by the data capture. There are |F| variables of this type in the model.
  • [0000]
    Definition 2.27: The 0/1 integer variables wlq i state whether interface I is collected from location l by a collector of type q. There are at most |Q|*|L|*|I| variables of this type in the model.
  • [0072]
    The actual number of variables in the model will depend on the degree of flexibility allowed fro a particular problem instance. It is for example unlikely that each interface would be allowed to be collected from every location in the network, so that many wlq i variables would be pre-set to zero.
  • [0000]
    Definition 2.28: The non-negative, continuous variable investment describes the total investment required for the solution.
  • [0000]
    2.3 Constraints
  • [0073]
    In this section, the constraints of the model are presented.
  • [0074]
    Constraints 2.1 (feasible assignment): This constraint states that an interface can only be assigned to a concentrator if this is allowed by the data. Often this assignment is only) allowed if the router and the concentrator are placed in the same location.
    ∀iεI,lεL,qεQ:wlq i lq i
    Constraints 2.2 (linked variable constraint): This constraint handles linked variables. If two variables are linked, then they are either both collected or both un-collected. This means that the corresponding χi variables must have the same value.
    ∀i,jεI:vij χij
    Constraints 2.3 (total investment): This constraint defines the total investment. It has three components. The first on is based one the cost of selecting an interface for collection, the second is the cost of providing a collector of some type at some location, and the third one is the cost of the assignment of captured interfaces to available concentrators. investment = i l c i χ i + l L q Q d l q y l q + l L i I q Q m lq i w lq i
    Constraint 2.4 (concentrator capacity) This constraint controls the capacity of the concentrators compared to the data collection requirements of the collected interfaces. For each capacity type, the sum of all required capacities of the assigned interfaces must be smaller than the capacity of this type on the concentrator. This constraint can be used for both qualitative and quantitative capacity problems. l L , q Q , a A : i l b i a w lq i g l aq y l q
    Constraint 2.5 (router capacity) This constraint is similar to the concentrator capacity, but handles the capacity of a router to support data collection of selected interfaces. The constraint expresses that for each capacity type the sum of all capacity values required by the collected interfaces must be smaller than the capacity limit given for the router. This can limit the number of interfaces that are collected on a router, and avoids overloading the router with the data collection. s N , a A : { i I r 1 s } b i a χ i h s a
  • [0075]
    Constraint 2.6 (network-wide collector limit) This constraint imposes network wide limits on how many interfaces of each technology type can be collected. This can be used to control the impact of flow capture on the overall network performance or impose for example an upper bound on how many fast network probes are required. t T : { i I u t i } e i t χ i c_limit t
    Constraint 2.7 (assigning interface to concentrator) This constraint links the assignment variables and the interface variables. It states that an interface can be assigned to at most one concentrator, and that an interface can only be collected if it is assigned to a concentrator. i I : l L q Q w lq i = χ i
  • [0076]
    Constrain 2.8 (no useless concentrator) This constraint states that no concentrator is provided if it is not used to collect at least one interface. l L , q Q : i I w lq i y t q
    Constraint 2.9 (concentrator required) This constraint ensures that if an interface is assigned to a concentrator, that concentrator must be active.
    ∀iεI,lεL,qεQ:wlq i≦yl q
    Constraint 2.10 (covering flows(1)) This constraint states that a flow is covered if any of the interfaces through which it is routed is collected.
    ∀iεI,fεF:kf i zf≦χi
    Constraint 2.11 (covering flows(2)) This constraint states that a flow is only covered if one of the interfaces through which it is routed is collected. f F : { i I k f i } χ i z f
    2.4 Objective functions
    2.4.1 Use Case 1
    Constraint 2.12 (limited investment) For use case 1, an additional constraint is that the total investment is bounded by an upper limit.
    investment≦investment_limit
    Objective Function 2.1 (maximum capture) The objective function states that the weighted sum of two components is maximized. The first is the total interest in collecting flows, the second is a weighted sum of the collected interfaces. While not interesting on its own, the second component can help to identify the large flows in a network, even if there is no good a priori indication which flows are large. max α 1 f F p f z f + α 2 i I traffic i χ i
    2.4.2 Use Case 2
    Constraint 2.13 (guaranteed capture level) In the second use case, a given capture limit is guaranteed, and the slum of the interest in the captured interfaces must exceed some fixed limit. f F : p f z f capture_limit
    Objective Function 2.2 (minimize investment) The objective function of the second use case is to minimize the total investment required to achieve the given capture limit.
    min investment
    2.4.3 Use Case 3
    For the third use case some more notation is introduced. {circumflex over (χ)} and ŷ are used to denote the existing, deployed solution. For each decision variable, there is a cost to either introduce or remove collection capability. These costs may be different.
    Definition 2.29 The 0/1 constants {circumflex over (χ)}i denote the existing cover of interfaces.
    Definition 2.30 The 0/1 constants ŷl q denote the existing set of chosen concentrator locations and types.
    Definition 2.31 The non-negative constants ĉi denote the cost of enabling the data capture for interface i, if interface i was not collected in the previous solution.
    Definition 2.32 The non-negative constants {tilde over (c)}i denote the cost of disabling the data capture for interface i, if interface i was collected in the previous solution.
    Definition 2.33 The non-negative constants {circumflex over (d)}l q denote the cost of placing a concentrator of type q at location l, when there was no such concentrator in the previous solution.
    Definition 2.34 The non-negative constants {tilde over (d)}l q denote the cost of removing a concentrator of type q at location 1 when there was such a concentrator in the previous solution.
    Definition 2.35 The definition of the restricted difference is recalled to be x - y = { o : y > x x - y : x y
    Constraints 2.14 (no new investment) This is an optional constraint which states that no new collectors are allowed in the network. This could obviously be relaxed to allow some additional investment. q Q : l L y l q l L y ^ l q
    Constraints 2.15 (guaranteed capture level) Again some predefined capture leve is enforce for the solution. f f p f z f capture_limit
    Objective Function 2.3 (minimize cost of changes) The cost in this third use case is defined by the cost of adding data collection at the newly selected places, and removing it from the no-longer required ones. It is assumed for simplicity that keeping a data collection in some place does not incur any cost. min α 3 i l ( c ^ i ( x i - . x ^ i ) + c ~ i ( x ^ i - . x i ) ) + α 1 l L q Q ( d ^ l q ( y l q - . y ^ l q ) + d ~ l q ( y ^ l q - . y l q ) ) + a 5 l L i I q Q m lq i w lq i
    3 Solution Method
  • [0077]
    The model described above, or a simplification of it, that is used for a particular network flow capture problem, can be solved in a variety of ways. Two particular implementation methods are described.
  • [0000]
    3.1 MIP
  • [0078]
    The model and the objective functions described above can be directly expressed in mixed integer programming (MIP), a solution method in itself known for combinatorial problems. The model contains the classical set covering and the warehouse location problems, for which specialized IP extensions are available.
  • [0000]
    3.2 Greedy Algorithm
  • [0079]
    Another solution method is a greedy algorithm, which tries to build a solution by selecting interfaces that maximize the increase of the capture rate until either the investment limit is reached or the desired capture rate is achieved. In a similar way concentrator locations can be chosen.
  • [0000]
    4 Possible Extensions
  • [0080]
    While the model described in this report may already seem quite complex, there are a number of possible extensions which might be considered.
  • [0000]
    4.1 Combination with TI to Improve Capture Level
  • [0081]
    Traffic inference (TI) is mentioned above as a possible alternative method for identifying the traffic matrix of a network. But it is also possible to combine TI with the flow capture and combine all available data in a single model. Thereby, more information can be deduced, thus allowing even those flows to be identified that are not directly captured by the data collectors. In order to attempt this, it is necessary to synchronize the data collection activities for the traffic inference model with the flow capture. It is also necessary to provide some form of error correction to handle incompatible measurements.
  • [0000]
    4.2 Using TI to Identify Good/Bad Flows to Capture
  • [0082]
    Traffic inference on its own may not be able to identify the exact flow sizes in the traffic matrix, but it is often possible to find at least qualitative information whether a flow is large or not. Such information can be used in the flow capture model as indicators for the interest there is in different flows. This would allow the flow capture to concentrate on the important flows of the network, which often form only a small percentage of all flows that may be considered.
  • [0000]
    4.3. Temporal Aspects
  • [0083]
    The flow capture method described herein provides a traffic matrix for a given time point, or more exactly for a time period. One is then faced with the question of how this matrix is related to the network traffic pattern over time. This temporal question can be approached in different ways.
  • [0084]
    A simple solution consists in measuring the traffic matrix for a long time period, say a day. This provides average numbers for the day. By repeating the process, information about traffic evolution over time can be accumulated.
  • [0085]
    As an alternative, the traffic matrix can be identified for shorter time periods. Subsequently, averaging is performed on the resulting traffic matrices. To obtain a worst case scenario, the maximal flow value between two points in any of the collected matrices may be considered. Taken together this would give a traffic matrix that gives an upper bound to the network traffic at any time point.
  • [0000]
    4.4 Capturing Flows Multiple Times
  • [0086]
    In the described model it is considered necessary to identify a flow just once in order to identify it. However, by placing multiple data collectors on the network, some flows will be automatically collected multiple times. It is then possible to simply pick one of the measurements as the value, or to perform data reconciliation to maximize the likelihood of extracting meaningful data from the network. This is similar to the error correction required in the traffic inference approach, and similar modelling techniques can be applied.
  • [0000]
    4.4.1 Intentional Multiple Capture
  • [0087]
    As a further extension it is possible to capture flows not just once, but multiple times so that consistency checking can be performed on the measurement for all (interesting) flows. This again is a simple extension of the model given above.
  • [0000]
    4.5 Perfect Load Balancing
  • [0088]
    In the model it is assumed that it is necessary to collect data from an interface through which a flow is routed in order to capture the flow. However, there might be a special situation where a flow can be deduced even if none of the interfaces through which it travels are collected. One such case is perfect load balancing on multiple, equal cost paths. If the traffic between two nodes is routed over several paths which have the same routing cost, and if perfect load balancing between them is assumed, then it is possible to identify the total flow between the nodes by capturing one of these paths and adjusting the total flow sized according to the load balancing split. The model can handle this by associating all interface on all equal cost paths between the nodes with that total flow.
  • [0089]
    It should be noted that the present invention is not limited to the embodiment described above. It is envisaged that various modifications and variations to the above described embodiment could be made without falling outside the scope of the invention as determined from the claims.
    APPENDIX
    Symbol Explanation
    A The set of all capacity types restricting the concentrators
    F The set of all flows considered
    I The set of all interfaces
    L The set of all locations for concentrators
    N The set of all routers
    Q The multi-set of concentrator types
    |Q| The maximum number of concentrators in one location
    T The set of all interface technologies
    a Index ranging over capacity types
    bi a collector capacity of type a required for interface i
    ci cost of enabling interface i for collection
    c_limitt network wide limit on collectors of technology type t
    dl q cost of concentrator of type q in location l
    ei t effort of type t collecting interface i
    f index ranging over flows
    gl aq collector to type q has this capacity of type a in location l
    hs a router s has this capacity of type a
    i index ranging over interfaces
    j index ranging over interfaces
    kf i flow f is routed through interface I
    l index ranging over locations
    mlq i cost of collecting interface i from location l with a
    concentrator of type g
    pf interest of collecting flow f
    q index ranging over concentrator types
    ri s interface i belongs to router s
    s index ranging over routers
    t index ranging over interface technologies
    traffici traffic on interface i
    ut i interface i uses technology t
    vij interface i and j are linked for collection
    lq i interface i can be collected from location l with
    concentrator of type q
    αn magic numbers in cost functions
  • [0090]
    SYMBOLS
    Symbol Explanation
    wlq i 0/1 integer variable, interface i is collected from location l
    with concentrator of type q
    xi 0/1 integer variable, interface i is collected
    yl q 0/1 integer variable, location l has concentrator of type q
    zf 0/1 integer variable, flow f is covered
    investment non-negative variable, the total amount spent on data
    collection
Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US5426674 *Oct 25, 1993Jun 20, 1995Nemirovsky; PaulMethod and computer system for selecting and evaluating data routes and arranging a distributed data communication network
US5450408 *Sep 30, 1991Sep 12, 1995Hewlett-Packard CompanyMethod of ascertaining topology features of a network
US5526283 *Jan 26, 1994Jun 11, 1996International Business Machines CorporationRealtime high speed data capture in response to an event
US5598532 *Oct 21, 1993Jan 28, 1997Optimal NetworksMethod and apparatus for optimizing computer networks
US6278694 *Apr 16, 1999Aug 21, 2001Concord Communications Inc.Collecting and reporting monitoring data from remote network probes
US6701324 *Jun 30, 1999Mar 2, 2004International Business Machines CorporationData collector for use in a scalable, distributed, asynchronous data collection mechanism
US6792434 *Apr 20, 2001Sep 14, 2004Mitsubishi Electric Research Laboratories, Inc.Content-based visualization and user-modeling for interactive browsing and retrieval in multimedia databases
US7080136 *Jan 24, 2002Jul 18, 2006At & T Corp.Method and apparatus for size-dependent sampling for managing a data network
US7295960 *Mar 13, 2003Nov 13, 2007Wireless Valley Communications, Inc.System and method for automated placement or configuration of equipment for obtaining desired network performance objectives
US7376574 *Jan 12, 2001May 20, 2008Express Scripts, Inc.System and method for optimizing benefit plan designs
US7478071 *Jun 11, 2002Jan 13, 2009Hrl Laboratories, LlcMethod and apparatus for determining and assessing information to be collected based on information-theoretic measures
US7535849 *Jun 26, 2002May 19, 2009Nokia CorporationMethod for communication network performance analysis
US20020103916 *Sep 5, 2001Aug 1, 2002Benjie ChenThwarting connection-based denial of service attacks
US20020143926 *Jan 26, 2001Oct 3, 2002Maltz David A.Method and system for collecting traffic data in a computer network
US20020143929 *Jan 26, 2001Oct 3, 2002Maltz David A.Method and system for collection and storage of traffic data from heterogeneous network elements in a computer network
US20020188710 *Jan 24, 2002Dec 12, 2002At&T Corp.Size-dependent sampling for managing a data network
US20030097438 *Oct 15, 2002May 22, 2003Bearden Mark J.Network topology discovery systems and methods and their use in testing frameworks for determining suitability of a network for target applications
US20040143428 *Mar 13, 2003Jul 22, 2004Rappaport Theodore S.System and method for automated placement or configuration of equipment for obtaining desired network performance objectives
US20040236547 *Nov 18, 2003Nov 25, 2004Rappaport Theodore S.System and method for automated placement or configuration of equipment for obtaining desired network performance objectives and for security, RF tags, and bandwidth provisioning
Non-Patent Citations
Reference
1 *AWDUCHE, ET AL. "OVERVIEW AND PRINCIPLES OF INTERNET TRAFFIC ENGINEERING," INTERNET SOCIETY, 2002.
2 *MILLS ET AL. "INTERNET ACCOUNTING: BACKGROUND," INTERNET SOCIETY, 1991.
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US7877284Jun 5, 2006Jan 25, 2011International Business Machines CorporationMethod and system for developing an accurate skills inventory using data from delivery operations
US8001068Jun 5, 2006Aug 16, 2011International Business Machines CorporationSystem and method for calibrating and extrapolating management-inherent complexity metrics and human-perceived complexity metrics of information technology management
US8125911Nov 26, 2008Feb 28, 2012Cisco Technology, Inc.First-hop domain reliability measurement and load balancing in a computer network
US8179799Nov 30, 2007May 15, 2012Solarwinds Worldwide, LlcMethod for partitioning network flows based on their time information
US8266268 *Jul 7, 2011Sep 11, 2012Sprint Communications Company L.P.Method and system for deploying a network monitoring service within a communication network
US8468042Jun 5, 2006Jun 18, 2013International Business Machines CorporationMethod and apparatus for discovering and utilizing atomic services for service delivery
US8489765May 28, 2010Jul 16, 2013Cisco Technology, Inc.Dynamic directed acyclic graph (DAG) adjustment
US8554596Jun 5, 2006Oct 8, 2013International Business Machines CorporationSystem and methods for managing complex service delivery through coordination and integration of structured and unstructured activities
US8601113Nov 30, 2007Dec 3, 2013Solarwinds Worldwide, LlcMethod for summarizing flow information from network devices
US9110934Jun 2, 2006Aug 18, 2015International Business Machines CorporationSystem and method for delivering an integrated server administration platform
US9210181 *May 26, 2014Dec 8, 2015Solana Networks Inc.Detection of anomaly in network flow data
US9331919 *Nov 30, 2007May 3, 2016Solarwinds Worldwide, LlcMethod for summarizing flow information of network devices
US20070282622 *Jun 5, 2006Dec 6, 2007International Business Machines CorporationMethod and system for developing an accurate skills inventory using data from delivery operations
US20070282644 *Jun 5, 2006Dec 6, 2007Yixin DiaoSystem and method for calibrating and extrapolating complexity metrics of information technology management
US20070282645 *Jun 5, 2006Dec 6, 2007Aaron Baeten BrownMethod and apparatus for quantifying complexity of information
US20070282655 *Jun 5, 2006Dec 6, 2007International Business Machines CorporationMethod and apparatus for discovering and utilizing atomic services for service delivery
US20070282659 *Jun 5, 2006Dec 6, 2007International Business Machines CorporationSystem and Methods for Managing Complex Service Delivery Through Coordination and Integration of Structured and Unstructured Activities
US20070282692 *Jun 5, 2006Dec 6, 2007Ellis Edward BishopMethod and apparatus for model driven service delivery management
US20070282942 *Jun 2, 2006Dec 6, 2007International Business Machines CorporationSystem and Method for Delivering an Integrated Server Administration Platform
US20070288274 *Jun 5, 2006Dec 13, 2007Tian Jy ChaoEnvironment aware resource capacity planning for service delivery
US20080215404 *May 15, 2008Sep 4, 2008International Business Machines CorporationMethod for Service Offering Comparative IT Management Activity Complexity Benchmarking
US20090144304 *Nov 30, 2007Jun 4, 2009Josh StephensMethod for summarizing flow information of network devices
US20090144414 *Nov 30, 2007Jun 4, 2009Joel DolisyMethod for summarizing flow information from network devices
US20090201817 *Feb 8, 2008Aug 13, 2009International Business Machines CorporationMethod of optimizing a flow of value in a network
US20100042620 *Aug 20, 2009Feb 18, 2010International Business Machines CorporationSystem and Methods for Managing Complex Service Delivery Through Coordination and Integration of Structured and Unstructured Activities
US20100128606 *Nov 26, 2008May 27, 2010Patel Rahul GFirst-hop domain reliability measurement and load balancing in a computer network
US20110231573 *May 28, 2010Sep 22, 2011Jean-Philippe VasseurDynamic directed acyclic graph (dag) adjustment
US20130232193 *Mar 3, 2013Sep 5, 2013Zafar AliControl-Plane Interface Between Layers in a Multilayer Network
US20140324727 *Nov 15, 2012Oct 30, 2014Exxonmobil Upstream Research CompayMethod of simulating shipping of liquefied natural gas
US20150324714 *Apr 16, 2015Nov 12, 2015Yufen ShaoMethod of Generating An Optimized Ship Schedule To Deliver Liquefied Natural Gas
Classifications
U.S. Classification709/223
International ClassificationH04L12/24, G06F15/173
Cooperative ClassificationH04L43/067, H04L43/12, H04L41/142, H04L43/00
European ClassificationH04L12/26M, H04L43/00, H04L41/14B
Legal Events
DateCodeEventDescription
Sep 1, 2005ASAssignment
Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XIA, QUANSHI;SIMONIS, HELMUT MATTHIAS;REEL/FRAME:017701/0450;SIGNING DATES FROM 20050808 TO 20050830
Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XIA, QUANSHI;SIMONIS, HELMUT MATTHIAS;SIGNING DATES FROM20050808 TO 20050830;REEL/FRAME:017701/0450
Oct 17, 2016FPAYFee payment
Year of fee payment: 4